Commit Graph

104 Commits

Author SHA1 Message Date
Jamie McCrae c9fa60886b boot: boot_serial: Fix issue with encrypted second slot images
Fixes issues whereby encrypted images were not properly listed due
to not treating them as encrypted, also removes a piece of wrong
hack code that would never run as the primary slot cannot be
encrypted.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-08-09 07:45:22 +01:00
Jamie McCrae 61898dad92 boot: boot_serial: Add updated SMP header
Adds missing fields which were wrongly treated as part of the
operation value, which they were not, and adds a big/little
endian check.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-07-31 08:32:50 +01:00
Michal Gorecki 5404130e20 boot_serial: Fix build for 64-bit architectures
Typecasting pointer variables to uint32_t
instead of uintptr_t was causing build error
on 64-bit architecture.

This is useful, because I am currently working
on implementing support for 64-bit native target
in Apache Mynewt. There is unit test for boot_serial
and it cannot be compiled without this changes.

Signed-off-by: Michal Gorecki <michal.gorecki@codecoup.pl>
2023-07-26 13:16:21 +01:00
Jamie McCrae 9fad4c1f16 boot: boot_serial: Fix wrong cbor type for confirm
Fixes the wrong variable type being used for the confirm element.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-07-20 17:00:09 +01:00
Piotr Dymacz 6a8746d7ac boot_serial: fix image number handle in image upload request
According to the SMP protocol documentation [1], 'image number' value
in 'image upload request' is optional and can be included only in packet
with 'off' (data offset) set to '0' (first packet in upload request).

In one of recent changes (commit 'cb07e888691d'), initialization of the
'img_num' variable was removed which, in extreme case (no image number
provided in upload request), results in use of its uninitialized value
in flash_area_open() call which then might lead to request abort.

This fixes above regression and also makes MCUboot implementation of the
'image upload request' aligned with Zephyr documentation of the protocol
by considering image number only from first (off == 0) 'image upload
request' SMP packet. In addition, 'image number' value is set to '0' if
the request doesn't provide this field.

[1] docs.zephyrproject.org/latest/services/device_mgmt/smp_groups/smp_group_1.html

Fixes: cb07e88869 ("boot_serial: Replace cbor auto-generated code with zcbor functions")
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2023-07-05 16:59:19 -06:00
Piotr Dymacz f2cb55027c boot_serial: fix misuse of 'matched' param from zcbor_map_decode_bulk()
The 'matched' param in zcbor_map_decode_bulk() function is 'pointer to
the counter of matched keys', not length of payload buffer.

Fixes: fac2cabe98 ("boot_serial: Add image state set/get")
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2023-07-05 16:58:09 -06:00
Jamie McCrae 82feb9a4c5 boot_serial: Fix showing images that are not valid
Fixes an issue which was introduced in commit
fac2cabe98 which would show all
images, including those with invalid headers in the output of
images being listed.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-07-05 16:57:12 -06:00
Jamie McCrae fac2cabe98 boot_serial: Add image state set/get
Adds optional image state set/get functionality to serial recovery
mode which allows for listing image states and marking images to
be tested or as confirmed.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-05-25 14:19:20 -06:00
Daniel DeGrasse c393b54246 boot: boot_serial: fix usage of zcbor_new_encode_state API
Fix usage of zcbor_new_encode_state API, to correctly pass the payload
length. The previous usage was passing a pointer to the end of the
payload, which resulted in the ZCBOR structure being initialized with
an invalid `payload_end` field. On some platforms, this breaks MCUBoot
serial recovery, as the ZCBOR structures required to send response data
are invalid and can no longer be populated with response data.

Signed-off-by: Daniel DeGrasse <daniel.degrasse@nxp.com>
2023-05-25 14:17:20 -06:00
Jamie McCrae 0038f3967b boot: zcbor: Move copy script
Moves and updates the copy script to the zcbor folder

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-05-15 10:22:51 +02:00
Jamie McCrae cb07e88869 boot_serial: Replace cbor auto-generated code with zcbor functions
Replaces the auto-generated decoding/encoding files with inline code
for encoding/decoding cbor data structures, this adds the benefit of
allowing the elements to be in any order and reduces code size. To
accommodate this, zcbor_bulk has been imported from Zephyr.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-05-15 10:22:51 +02:00
Jamie McCrae db6ba46244 boot_serial: Unify zcbor include paths
Moves zcbor files to a subdirectory and replaces differing
include path styles to be unified.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-05-12 10:33:28 +01:00
Jamie McCrae 393af79ef1 boot_serial: Update zcbor files from zcbor 0.7.0
Updates zcbor files from version 0.7.0, needed for size variable
support.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-04-26 13:11:56 +02:00
Jamie McCrae f7d8660e85 boot_serial: Fix include paths for zephyr builds
Fixes include paths for zephyr builds to use the system zcbor_*
files rather than the local files.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-04-24 11:34:28 +02:00
Jamie McCrae e5c57dd134 boot_serial: Only have build number if non-zero
Only returns the build number in versions responses if the value
is non-zero.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-04-13 19:25:42 +02:00
Jamie McCrae 827118f2e4 boot: serial_recovery: Add image hash support
Adds support for outputting the image hash TLV in serial recovery
mode, which is needed to comply with the img_mgmt MCUmgr group
requirements.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-03-23 10:25:38 +01:00
Piotr Dymacz f5e7753b9e boot_serial: support fragmentation for outgoing SMP packets
The mcumgr packet sent over serial should be fragmented into frames of
up to 127 bytes, including 2-bytes frame start header and 1-byte for
terminating newline [1], resulting in up to 124 bytes for the base64
encoded payload.

Current implementation doesn't fulfill above requirement and transmits
single frames, without considering their length. This change introduces
support for fragmenting as defined in 'SMP over console' specification.

[1] github.com/apache/mynewt-mcumgr/blob/master/transport/smp-console.md

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2023-03-21 15:10:12 +01:00
Szymon Janc 874a0ab4d5 boot_serial: Fix Mynewt tests build
__packed may not be available in all environments. In such
case just fallback to  __attribute__((__packed__)).

Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
2023-03-17 07:53:19 -03:00
Jamie McCrae e8294b2af5 boot_serial: Add packed to struct
Adds a packed attribute to the nmgr struct to avoid issues on
architectures that do not support unaligned memory access.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-03-15 09:23:04 +01:00
Dominik Ermel 2476988309 boot: Switch to flash_area_get_sector.
Replace flash_area_sector_from_off calls with flash_area_get_sector.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2023-03-14 08:13:20 -06:00
Dominik Ermel b26fc487ee boot/boot_serial: Add boot_reset_request_hook to bs_reset
When hooks are enabled then boot_reset_request_hook will be
called to check whether it is allowed to reset a device.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2023-02-14 16:33:34 -07:00
Michael Grand 5047f032c9 fih: Hardening of fault injection countermeasures
Returned values are now hardcoded. Indeed, while it is not
strictly needed (few return values different from SUCCESS
or FAILURE) complexity added by encoding return values might
cause the software to be vulnerable to fault attacks.

Return type changed from fih_int to fih_ret to make
the whole thing much simpler and therefore more robust
to fault attacks. In addition, its easier to predict
compiler behavior.

Affectation of sentive variables has been hardened using macro
FIH_SET (affectation + check wether write access has been properly
done). FIH_DECLARE() is added to ease the declaration of sentive
variables.

Equality tests fih_eq() and fih_not_eq() are now macros because
inlining produce more complex code (and weaker) than macros.
In addition fih_not_eq is modified to be the negation of fih_eq
which was not the case until now.

when FIH_NOT_EQ is used , FIH_SET(fih_rc, FIH_FAILURE) has been added
in some part of the code.

variable image_mask (bootutil_priv.h) is now volatile because a
double IF test is made on it.

some others parts of the code have been hardenned (eg. loop on images)

Signed-off-by: Michael Grand <m.grand@trustngo.tech>
2023-01-30 09:34:34 -07:00
Jamie McCrae 9d3fd7f7eb boot_serial: Add unaligned stack buffer writing
Fixes a bug when writing to devices which have memory alignment
requirements with data being using directly from a zcbor-response
whereby the alignment of the buffer data does not meet the
requirements of the flash driver.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-01-03 12:18:54 +01:00
Jamie McCrae ad1fb3dde2 boot_serial: Allow using a buffer larger than 512 bytes
There are 3 levels of buffers and only the first one seems to be
configurable, this fixes that issue.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2022-12-04 13:20:46 +01:00
Jamie McCrae 0b6d3439bb boot_serial: Fix rc not being returned as a signed value
Fixes an issue whereby rc is a signed variable but is returned as
an unsigned variable in the zcbor functions.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2022-12-02 22:52:48 +01:00
Almir Okato 7d3622ffbb boot_serial: espressif: change CRC call for esp chips general compatibility
Signed-off-by: Almir Okato <almir.okato@espressif.com>
2022-11-11 11:22:00 -03:00
Gerard Marull-Paretas 4eca54f417 boot: serial: add missing Zephyr kernel.h include
boot_serial.c is using Zephyr Kernel APIs without including kernel.h.

Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
2022-10-06 13:58:42 +02:00
Almir Okato 90be6e6001 boot_serial: adding missing errno.h header
Signed-off-by: Almir Okato <almir.okato@espressif.com>
2022-09-29 11:37:13 -03:00
Piotr Dymacz 067f30ae96 boot_serial: explain disabled idle state in timeout based recovery
This adds short explanation (in form of a comment) why CPU shouldn't
enter idle state in timeout based serial recovery.

Ref: 3942e9bf8f ("boot_serial: fix serial recovery mode with timeout")
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2022-08-13 16:02:53 +02:00
Piotr Dymacz 3942e9bf8f boot_serial: fix serial recovery mode with timeout
If 'BOOT_SERIAL_WAIT_FOR_DFU' is selected, the CPU shouldn't enter idle
state, waiting for interrupt from the console because we expect booting
if no mcumgr command is received within a configured timeout (with the
'CONFIG_BOOT_SERIAL_WAIT_FOR_DFU_TIMEOUT').

Without this fix, when using 'BOOT_SERIAL_WAIT_FOR_DFU' the boot process
hangs forever, waiting for input from console.

Fixes: e3822f8180 ("boot_serial: zephyr: Add optional timeout to enter serial recovery")
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2022-08-12 13:35:51 +02:00
Stephanos Ioannidis 09e2bd70fd boot_serial: Fix incorrect format specifier for off_t
The `BOOT_LOG_INF` function, which uses the format specifiers defined
by the C standard, was incorrectly printing a variable with the type of
`off_t` using the `%x` format specifier, which is intended to be used
with the `int` type.

The `off_t` type, specified by the POSIX standard, is not guaranteed to
be `int`, and it may be defined as `long` or `long long` depending on
the toolchain and the target architecture.

This commit updates the print routine such that it casts the arguments
of the `off_t` type to `intmax_t` and prints them out using the
corresponding `%jx` format specifier.

Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
2022-08-04 09:28:17 +02:00
Fabio Baltieri 888e261a76 boot_serial: add "zephyr/" prefix to __ZEPHYR__ includes
Add relevant "zephyr/" prefixes to allow building with the Zephyr
option CONFIG_LEGACY_INCLUDE_PATH=n.

Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>
2022-07-26 19:20:21 +02:00
Almir Okato e8cbc0d0f1 boot_serial: espressif: ESP32 serial recovery mode interface
Add the serial adapter for ESP32 for boot recovery and MCUMGR
communication.

Signed-off-by: Almir Okato <almir.okato@espressif.com>

espressif: Configure console via bootloader_support functions

Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
2022-07-19 11:07:04 -03:00
Szymon Janc 1270880d2f boot_serial: Fix compilation due to danling pointer
repos/mcuboot/boot/boot_serial/src/zcbor_decode.c:341:52: error:
     dangling pointer ‘result’ to ‘dummy’ may be used
     [-Werror=dangling-pointer=]
  341 |         state->payload_end = result->value + result->len;
      |                                              ~~~~~~^~~~~
repos/mcuboot/boot/boot_serial/src/zcbor_decode.c:325:37: note: ‘dummy’
     declared here
  325 |                 struct zcbor_string dummy = {};
      |                                     ^~~~~
repos/mcuboot/boot/boot_serial/src/zcbor_decode.c:341:36: error:
     dangling pointer ‘result’ to ‘dummy’ may be used
     [-Werror=dangling-pointer=]
  341 |         state->payload_end = result->value + result->len;
      |                              ~~~~~~^~~~~~~
repos/mcuboot/boot/boot_serial/src/zcbor_decode.c:325:37: note: ‘dummy’
     declared here
  325 |                 struct zcbor_string dummy = {};
      |                                     ^~~~~
cc1: all warnings being treated as errors

Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
2022-06-27 14:28:45 -06:00
Dominik Ermel 7d2f0bf425 boot_serial: Refactoring writes
The commit reduces write logic.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2022-06-23 09:40:56 +02:00
Dominik Ermel bcc17b4575 boot_serial: Refactoring of erase logic
The progressive erase and non-progressive erase code has been
refactored; some additional comments have been added to logic.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2022-06-23 09:40:56 +02:00
Dominik Ermel 2f2b31cb90 boot_serial: Remove unneeded carriage return at the end of frame
The correct end of SMP frame, over console, is single '\n'.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2022-06-22 14:35:42 +02:00
Dominik Ermel 5bd8744e89 boot_serial: Refactoring variables used in image upload
Types of a few variables have been changed to more align with
what they represent; variables have been renamed to make their
purpose more clear.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2022-06-22 14:25:09 +02:00
Dominik Ermel d49cfc14c3 boot_serial: zephyr: Use snprintf to format version string
Move formatting of version string to use snprintf, which Zephyr
provides, instead defining utility function for that purpose.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2022-06-09 15:43:50 +02:00
Dominik Ermel 88bd567608 boot_serial: Fix echo command code no longer compiling
Fixing missed update from cddl to zcbor.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2022-06-08 12:51:04 +02:00
Øyvind Rønningstad a7d34caaa7 boot_serial: Upgrade from cddl-gen 0.1.0 to zcbor 0.4.0
cddl-gen has been renamed to zcbor.
Update regenerate_serial_recovery_cbor.sh and regenerate/recopy all
files.

Remove the submodule in ext/ since it is no longer necessary when
the zcbor package is installed (only needed for regeneration, not
for building).

Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
2022-04-06 17:46:15 -06:00
Dominik Ermel 4c0f6c177f boot_serial: Fix SMP echo sending incomplete CBOR container
In case when echo string would be too long to fit into buffer,
there would be no space left for container termination.
Due to lack of error checking such non-terminated container would
be sent out, where error response should be sent out instead.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2022-03-07 14:03:15 +01:00
Dominik Ermel 8dae84441f boot_serial: Correct MGMT_ERR_EUNKNOWN value
Should be 1, was 2.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2022-03-07 11:15:15 +01:00
Dominik Ermel 5ff8958117 boot_serial: Fix buffer overflow in boot_serial_out
The buf buffer set to collect total console payload consisting
of total size (two bytes), SMP header (eigth bytes), data payload
(bs_obuf, BOOT_SERIAL_OUT_MAX) and CRC (two bytes), pior to base64
encoding has been set to size of BOOT_SERIAL_OUT_MAX.
This means that if output data len, in bs_obuf, would be longer than
BOOT_SERIAL_OUT_MAX - 8 - 2 - 2, then composing of the output buffer
would overflow.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2022-03-07 10:18:50 +01:00
Wouter Cappelle e3ff17535c Add support for the mcumgr echo command in serial boot mode
Signed-off-by: Wouter Cappelle <wouter.cappelle@crodeon.com>
2022-02-22 09:27:57 -07:00
Carles Cufi b9192a4c80 boot: serial: Adapt to Zephyr's new CRC APIs
As part of https://github.com/zephyrproject-rtos/zephyr/pull/42457,
Zephyr recently changed its CRC APIs. The commit below
adapted the use of mcumgr in-tree, but MCUboot was missing the change:
07c78e515c

Note that although on other platforms the function called is
crc_ccitt(), the CRC16 actually used by MCUboot/mcumgr is:
https://reveng.sourceforge.io/crc-catalogue/16.htm#crc.cat.crc-16-xmodem

Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
2022-02-10 09:47:08 -03:00
Wouter Cappelle e3822f8180 boot_serial: zephyr: Add optional timeout to enter serial recovery
This PR adds the possibility to only enter the bootloader's
serial recovery mode when a mcumgr command is received within a
given timeout.

Signed-off-by: Wouter Cappelle <wouter.cappelle@crodeon.com>
2022-02-09 16:20:58 -07:00
Wouter Cappelle bb7a39d114 Add config option for caching of validation state of an image in primary slot for single loader
Signed-off-by: Wouter Cappelle <wouter.cappelle@crodeon.com>
2022-02-09 13:31:56 -07:00
Wouter Cappelle 953a76180d Add support for signed images in single loader mode
Signed-off-by: Wouter Cappelle <wouter.cappelle@crodeon.com>
2022-01-13 14:05:30 -07:00
Dominik Ermel 1eedec3e79 boot_serial: Fix Zephyr include path for reboot.h
It is sys/reboot.h now.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2021-12-16 14:51:02 +01:00